How to extract hashes and crack Windows Passwords

This page will help you to know how to extract hashes from Windows systems and crack them.

It's all about LM and NTLM hashes

admin

Windows

LM and NTLM basics

The LM hash is the old style hash used in Microsoft OS before NT 3.1. Then, NTLM was introduced and supports password length greater than 14.
On Vista, 7, 8 and 10 LM hash is supported for backward compatibility but is disabled by default.

The goal is too extract LM and/or NTLM hashes from the system, either live or dead. These hashes are stored in memory (RAM) and in flat files (registry hives).

Extracting the hashes from the SAM (locally)

If LM hashes are enabled on your system (Win XP and lower), a hash dump will look like:

Extracting Windows Password hashes from memory (RAM)

Extracting Windows Password hashes remotely

Man In the Middle attack

You can use ettercap and the man in the middle attacks to sniff the username and password of a user over the network.
You can read ettercap tutorials.
There so much that ettercap can do and there are many tutorials covering how to use it !

Dump Tools

Here, AnAdministrativeUser's account will be used to perform the password dump. Keep in mind that any user used to perform password dumps needs administrative credentials. In this scenario, you will be prompted for the password before the password dump starts.
fgdump hashes are stored in *.pwdump file ; pwdump6 will dump the SAM to the screen.